Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Add Port to every VLAN?

SOLVED
Go to solution
Max Lohrmann
Occasional Contributor

Add Port to every VLAN?

Hi,

I'm currently planning to use VLANs for separating our network. Some of the stuff I'm wanting to do:
- Making sure WLAN clients can only access the WLAN Controller (as gateway) and not other parts of the network
- Making sure normal users can not directly access our printservers
- Separating broadcast domains so that one user can not broadcast to all computers

We have 1800 and 1700 switches.

I already figured out how to configure them for VLAN aware devices (WLAN APs, Switch-Switch connection) but I have one problem:
There are devices on our network (like servers) which are not VLAN aware and need to have access to every VLAN.
Adding those by hand in the switch configuration would be really tedious work and error prone for changes.
Is there any better solution?

Best regards

Max
4 REPLIES
RicN
Valued Contributor
Solution

Re: Add Port to every VLAN?


>There are devices on our network (like
>servers) which are not VLAN aware and need
>to have access to every VLAN.

If the servers are not VLAN-aware than they can only recieve untagged frames, and you can only have one untagged VLAN per port.

The solution is probably to access the different VLANs through Layer 3 routing.
Mohieddin Kharnoub
Honored Contributor

Re: Add Port to every VLAN?

Hi

As RicN mentioned, you need a L3 device to provide such achievement.

However, if you are using the ProCurve WESM as your wireless controller, it has a Routing feature that can be used to achieve this.

Good Luck !!!
Science for Everyone
Max Lohrmann
Occasional Contributor

Re: Add Port to every VLAN?

Thanks for your replies.

After thinking about it closely for a moment I realized that a Layer 2 switch can not decide which VLAN a Layer 3 IP Packet should belong to.

However on those servers which should be accessible from multiple VLANs (and vice versa) we use Intel PRO network adapters which should have a basic VLAN ability.

So my best idea would be to create different subnets (one for printservers, one for each broadcast group, etc.) and then assign a VLAN to each subnet (I haven't worked with Intels VLAN yet so I don't know if they provide any other way to assign VLANs).

This would however also mean a major reconfiguration as we currently use 172.16.0.0/16 and leave our servers with a little identity crisis when they have 8 or more IPs (from my experience the MS DNS server will still send all of the servers IPs but clients will often choose the wrong one)

Layer 3 switches or multiple routers are sadly not option for us.
RicN
Valued Contributor

Re: Add Port to every VLAN?


>This would however also mean a major
>reconfiguration as we currently use
>172.16.0.0/16

That is however what you must do IF you really want to use VLAN. A Layer 2 VLAN is a Layer 3 IP subnet. To use VLANs you must divide your large IP subnet into smaller networks.

>Layer 3 switches or multiple routers are
>sadly not option for us.

Since your number of VLANs seems to be quite small than almost anyone of the Procurve 2xxx supports static L3 routing for at least 16 subnets, which should be enough for you, and such a device is not expensive at all.